Search Results

Search found 1424 results on 57 pages for 'roles'.

Page 5/57 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • BAD DC transfering FSMO Roles to ADC

    - by Suleman
    I have a DC (FQDN:server.icmcpk.local) and an ADC (FQDN:file-server.icmcpk.local). Recently my DC is facing a bad sector problem so I changed the Operation Masters to file-server for all five roles. but when ever i turn off the OLD DC the file-server also stops wroking with AD and GPMC further i m also unable to join any other computer to this domain. For Test purpose i also added a new ADC (FQDN:wds-server.icmcpk.local) but no succes with the old DC off i had to turn the old DC on and then joined it. I m attaching the Dcdiags for all three servers. Kindly help me so that i b able to reinstall new HDD and it can go online again. --------------------------------------- Server --------------------------------------- C:\Program Files\Support Tools>dcdiag Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\SERVER Starting test: Connectivity ......................... SERVER passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\SERVER Starting test: Replications [Replications Check,SERVER] A recent replication attempt failed: From FILE-SERVER to SERVER Naming Context: DC=ForestDnsZones,DC=icmcpk,DC=local The replication generated an error (1908): Could not find the domain controller for this domain. The failure occurred at 2012-05-04 14:07:13. The last success occurred at 2012-05-04 13:48:39. 1 failures have occurred since the last success. Kerberos Error. A KDC was not found to authenticate the call. Check that sufficient domain controllers are available. [Replications Check,SERVER] A recent replication attempt failed: From WDS-SERVER to SERVER Naming Context: DC=ForestDnsZones,DC=icmcpk,DC=local The replication generated an error (1908): Could not find the domain controller for this domain. The failure occurred at 2012-05-04 14:07:13. The last success occurred at 2012-05-04 13:48:39. 1 failures have occurred since the last success. Kerberos Error. A KDC was not found to authenticate the call. Check that sufficient domain controllers are available. [Replications Check,SERVER] A recent replication attempt failed: From FILE-SERVER to SERVER Naming Context: DC=DomainDnsZones,DC=icmcpk,DC=local The replication generated an error (1908): Could not find the domain controller for this domain. The failure occurred at 2012-05-04 14:07:13. The last success occurred at 2012-05-04 13:48:39. 1 failures have occurred since the last success. Kerberos Error. A KDC was not found to authenticate the call. Check that sufficient domain controllers are available. [Replications Check,SERVER] A recent replication attempt failed: From WDS-SERVER to SERVER Naming Context: DC=DomainDnsZones,DC=icmcpk,DC=local The replication generated an error (1908): Could not find the domain controller for this domain. The failure occurred at 2012-05-04 14:07:13. The last success occurred at 2012-05-04 13:48:39. 1 failures have occurred since the last success. Kerberos Error. A KDC was not found to authenticate the call. Check that sufficient domain controllers are available. [Replications Check,SERVER] A recent replication attempt failed: From FILE-SERVER to SERVER Naming Context: CN=Schema,CN=Configuration,DC=icmcpk,DC=local The replication generated an error (1908): Could not find the domain controller for this domain. The failure occurred at 2012-05-04 14:07:13. The last success occurred at 2012-05-04 13:48:39. 1 failures have occurred since the last success. Kerberos Error. A KDC was not found to authenticate the call. Check that sufficient domain controllers are available. [Replications Check,SERVER] A recent replication attempt failed: From WDS-SERVER to SERVER Naming Context: CN=Schema,CN=Configuration,DC=icmcpk,DC=local The replication generated an error (1908): Could not find the domain controller for this domain. The failure occurred at 2012-05-04 14:07:13. The last success occurred at 2012-05-04 13:48:39. 1 failures have occurred since the last success. Kerberos Error. A KDC was not found to authenticate the call. Check that sufficient domain controllers are available. [Replications Check,SERVER] A recent replication attempt failed: From WDS-SERVER to SERVER Naming Context: DC=icmcpk,DC=local The replication generated an error (1908): Could not find the domain controller for this domain. The failure occurred at 2012-05-04 14:07:13. The last success occurred at 2012-05-04 13:48:39. 1 failures have occurred since the last success. Kerberos Error. A KDC was not found to authenticate the call. Check that sufficient domain controllers are available. ......................... SERVER passed test Replications Starting test: NCSecDesc ......................... SERVER passed test NCSecDesc Starting test: NetLogons ......................... SERVER passed test NetLogons Starting test: Advertising ......................... SERVER passed test Advertising Starting test: KnowsOfRoleHolders ......................... SERVER passed test KnowsOfRoleHolders Starting test: RidManager ......................... SERVER passed test RidManager Starting test: MachineAccount ......................... SERVER passed test MachineAccount Starting test: Services ......................... SERVER passed test Services Starting test: ObjectsReplicated ......................... SERVER passed test ObjectsReplicated Starting test: frssysvol ......................... SERVER passed test frssysvol Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... SERVER failed test frsevent Starting test: kccevent ......................... SERVER passed test kccevent Starting test: systemlog An Error Event occured. EventID: 0x80001778 Time Generated: 05/04/2012 14:05:39 Event String: The previous system shutdown at 1:26:31 PM on An Error Event occured. EventID: 0x825A0011 Time Generated: 05/04/2012 14:07:45 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 05/04/2012 14:13:40 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 05/04/2012 14:14:25 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 05/04/2012 14:14:25 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 05/04/2012 14:14:38 (Event String could not be retrieved) An Error Event occured. EventID: 0xC1010020 Time Generated: 05/04/2012 14:16:14 Event String: Dependent Assembly Microsoft.VC80.MFCLOC could An Error Event occured. EventID: 0xC101003B Time Generated: 05/04/2012 14:16:14 Event String: Resolve Partial Assembly failed for An Error Event occured. EventID: 0xC101003B Time Generated: 05/04/2012 14:16:14 Event String: Generate Activation Context failed for An Error Event occured. EventID: 0xC1010020 Time Generated: 05/04/2012 14:16:14 Event String: Dependent Assembly Microsoft.VC80.MFCLOC could An Error Event occured. EventID: 0xC101003B Time Generated: 05/04/2012 14:16:14 Event String: Resolve Partial Assembly failed for An Error Event occured. EventID: 0xC101003B Time Generated: 05/04/2012 14:16:14 Event String: Generate Activation Context failed for An Error Event occured. EventID: 0x825A0011 Time Generated: 05/04/2012 14:22:57 (Event String could not be retrieved) An Error Event occured. EventID: 0xC1010020 Time Generated: 05/04/2012 14:22:59 Event String: Dependent Assembly Microsoft.VC80.MFCLOC could An Error Event occured. EventID: 0xC101003B Time Generated: 05/04/2012 14:22:59 Event String: Resolve Partial Assembly failed for An Error Event occured. EventID: 0xC101003B Time Generated: 05/04/2012 14:22:59 Event String: Generate Activation Context failed for An Error Event occured. EventID: 0xC1010020 Time Generated: 05/04/2012 14:22:59 Event String: Dependent Assembly Microsoft.VC80.MFCLOC could An Error Event occured. EventID: 0xC101003B Time Generated: 05/04/2012 14:22:59 Event String: Resolve Partial Assembly failed for An Error Event occured. EventID: 0xC101003B Time Generated: 05/04/2012 14:22:59 Event String: Generate Activation Context failed for ......................... SERVER failed test systemlog Starting test: VerifyReferences ......................... SERVER passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : icmcpk Starting test: CrossRefValidation ......................... icmcpk passed test CrossRefValidation Starting test: CheckSDRefDom ......................... icmcpk passed test CheckSDRefDom Running enterprise tests on : icmcpk.local Starting test: Intersite ......................... icmcpk.local passed test Intersite Starting test: FsmoCheck ......................... icmcpk.local passed test FsmoCheck ---------------------- File-Server ---------------------- C:\Users\Administrator.ICMCPK>dcdiag Directory Server Diagnosis Performing initial setup: Trying to find home server... Home Server = FILE-SERVER * Identified AD Forest. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\FILE-SERVER Starting test: Connectivity ......................... FILE-SERVER passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\FILE-SERVER Starting test: Advertising Warning: DsGetDcName returned information for \\Server.icmcpk.local, when we were trying to reach FILE-SERVER. SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE. ......................... FILE-SERVER failed test Advertising Starting test: FrsEvent ......................... FILE-SERVER passed test FrsEvent Starting test: DFSREvent ......................... FILE-SERVER passed test DFSREvent Starting test: SysVolCheck ......................... FILE-SERVER passed test SysVolCheck Starting test: KccEvent ......................... FILE-SERVER passed test KccEvent Starting test: KnowsOfRoleHolders ......................... FILE-SERVER passed test KnowsOfRoleHolders Starting test: MachineAccount ......................... FILE-SERVER passed test MachineAccount Starting test: NCSecDesc Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=icmcpk,DC=local Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=icmcpk,DC=local ......................... FILE-SERVER failed test NCSecDesc Starting test: NetLogons Unable to connect to the NETLOGON share! (\\FILE-SERVER\netlogon) [FILE-SERVER] An net use or LsaPolicy operation failed with error 67, The network name cannot be found.. ......................... FILE-SERVER failed test NetLogons Starting test: ObjectsReplicated ......................... FILE-SERVER passed test ObjectsReplicated Starting test: Replications ......................... FILE-SERVER passed test Replications Starting test: RidManager ......................... FILE-SERVER passed test RidManager Starting test: Services ......................... FILE-SERVER passed test Services Starting test: SystemLog An Error Event occurred. EventID: 0x00000469 Time Generated: 05/04/2012 14:01:10 Event String: The processing of Group Policy failed because of lack of network con nectivity to a domain controller. This may be a transient condition. A success m essage would be generated once the machine gets connected to the domain controll er and Group Policy has succesfully processed. If you do not see a success messa ge for several hours, then contact your administrator. An Warning Event occurred. EventID: 0x8000A001 Time Generated: 05/04/2012 14:07:11 Event String: The Security System could not establish a secured connection with th e server ldap/icmcpk.local/[email protected]. No authentication protocol was available. An Warning Event occurred. EventID: 0x00000BBC Time Generated: 05/04/2012 14:30:34 Event String: Windows Defender Real-Time Protection agent has detected changes. Mi crosoft recommends you analyze the software that made these changes for potentia l risks. You can use information about how these programs operate to choose whet her to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. An Warning Event occurred. EventID: 0x00000BBC Time Generated: 05/04/2012 14:30:36 Event String: Windows Defender Real-Time Protection agent has detected changes. Mi crosoft recommends you analyze the software that made these changes for potentia l risks. You can use information about how these programs operate to choose whet her to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. ......................... FILE-SERVER failed test SystemLog Starting test: VerifyReferences ......................... FILE-SERVER passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : icmcpk Starting test: CheckSDRefDom ......................... icmcpk passed test CheckSDRefDom Starting test: CrossRefValidation ......................... icmcpk passed test CrossRefValidation Running enterprise tests on : icmcpk.local Starting test: LocatorCheck ......................... icmcpk.local passed test LocatorCheck Starting test: Intersite ......................... icmcpk.local passed test Intersite --------------------- WDS-Server --------------------- C:\Users\Administrator.ICMCPK>dcdiag Directory Server Diagnosis Performing initial setup: Trying to find home server... Home Server = WDS-SERVER * Identified AD Forest. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\WDS-SERVER Starting test: Connectivity ......................... WDS-SERVER passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\WDS-SERVER Starting test: Advertising Warning: DsGetDcName returned information for \\Server.icmcpk.local, when we were trying to reach WDS-SERVER. SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE. ......................... WDS-SERVER failed test Advertising Starting test: FrsEvent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... WDS-SERVER passed test FrsEvent Starting test: DFSREvent ......................... WDS-SERVER passed test DFSREvent Starting test: SysVolCheck ......................... WDS-SERVER passed test SysVolCheck Starting test: KccEvent ......................... WDS-SERVER passed test KccEvent Starting test: KnowsOfRoleHolders ......................... WDS-SERVER passed test KnowsOfRoleHolders Starting test: MachineAccount ......................... WDS-SERVER passed test MachineAccount Starting test: NCSecDesc Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=icmcpk,DC=local Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=icmcpk,DC=local ......................... WDS-SERVER failed test NCSecDesc Starting test: NetLogons Unable to connect to the NETLOGON share! (\\WDS-SERVER\netlogon) [WDS-SERVER] An net use or LsaPolicy operation failed with error 67, The network name cannot be found.. ......................... WDS-SERVER failed test NetLogons Starting test: ObjectsReplicated ......................... WDS-SERVER passed test ObjectsReplicated Starting test: Replications ......................... WDS-SERVER passed test Replications Starting test: RidManager ......................... WDS-SERVER passed test RidManager Starting test: Services ......................... WDS-SERVER passed test Services Starting test: SystemLog An Error Event occurred. EventID: 0x0000041E Time Generated: 05/04/2012 14:02:55 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly. An Error Event occurred. EventID: 0x0000041E Time Generated: 05/04/2012 14:08:33 Event String: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly. ......................... WDS-SERVER failed test SystemLog Starting test: VerifyReferences ......................... WDS-SERVER passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : icmcpk Starting test: CheckSDRefDom ......................... icmcpk passed test CheckSDRefDom Starting test: CrossRefValidation ......................... icmcpk passed test CrossRefValidation Running enterprise tests on : icmcpk.local Starting test: LocatorCheck ......................... icmcpk.local passed test LocatorCheck Starting test: Intersite ......................... icmcpk.local passed test Intersite

    Read the article

  • Company Administrators: Stay Alert!

    - by Pete
    Some of our customers choose to use the Themes feature to rebrand their Training and Support Center link, and redirect it to an internal support site. If your company does this, we strongly advise that for your employees that have the Administrator role, you maintain a separate theme that keeps the Administrator's Training and Support link pointed to the CRM On Demand Training and Support Center, and not redirect it to an internal support site. Why? The company administrator needs access to the Training and Support Center because it gives them pod-specific application alerts on the Support tab and pod-specific release information on the Release Info tab. If a customer no longer has access to the Training and Support Center URL because they have already rebranded that link, they can contact Customer Care to request it again.  

    Read the article

  • What Is The Relationship Between Software Architect and Team Member

    - by Steve Peng
    I work for a small company which has less than 100 persons. Several months ago, this company offered me position of SA and I accepted. There are three teams in this company, and I work for one of them. This is the first time I work as a SA. During the past months, I find I don't have any power of management, I even can't let the team member do things (coding-related) in the way which is correct and more efficient. The team members argue with me on very very basic technical questions and I have to explain to them again and again. Though some members did take my advice, other members stubbornly program in their way which frequently proved wrong finally. Recently I feel a little tired and confused. I wonder what is correct relationship between a Software Architect and team members including the team leader? Besides, is software architect also leaded by the Team Leader?

    Read the article

  • How to assign .net membership roles to individual database records

    - by mdresser
    I'm developing a system where we want to restrict the availability of information displayed to users based on their roles. e.g. I have a tabled called EventType (ID, EventTypeDescription) which contains the following records: 1, 'Basic Event' 2, 'Intermediate Event' 3, 'Admin Event' What I need to achieve is to filter the records returned based on the username (and hence role) of the logged-in user. e.g if an advanced user is logged in they will see all the event types, if the standard user is logged in they will only see the basic event type etc. Ideally id like to do this in a way which can be easily extended to other tables as necessary. So I'd like to avoid simply adding a 'Roles' field to each table where the data is user context sensitive. One idea I'm thinking of is to create some kind of permissions table like: PermissionsTable ( ID, Aspnet_RoleId, TableName, PrimaryKeyValue ) this has the drawback of using this is obviously having to use the table name to switch which table to join onto. Edit: In the absence of any better suggestions, I'm going to go with the last idea I mentioned, but instead of having a TableName field, I'm going to normalise the TableName out to it's own table as follows: TableNames ( ID, TableName ) UserPermissionsTable ( ID, Aspnet_UserId, TableID, PrimaryKeyValue )

    Read the article

  • How should I isolate computers with different roles on a network

    - by fishhead
    I work in an industrial plant and we have one network(physical wire) that us used for both office usage and for process systems. The office computers are only used for typical office needs but occasionally do connect to the process computers to obtain information from a sql server or for some other purpose. A new initiative is in the works and is rolling down hill from corporate and that is to standardize how the the computers are used at work and they would be severely locked down and only a standard set of applications will be allowed to execute. one of the requirements is to also have non office computers isolated from the company domain. our non-office computers are a mix of Man-Machine interfaces and sql-servers all running software that non standard. My question is, how can we divorce the control systems computers from the company domain but still have access to the servers from the company domain. thanks

    Read the article

  • How should I isolate computers with different roles on a network

    - by fishhead
    I work in an industrial plant and we have one network(physical wire) that us used for both office usage and for process systems. The office computers are only used for typical office needs but occasionally do connect to the process computers to obtain information from a sql server or for some other purpose. A new initiative is in the works and is rolling down hill from corporate and that is to standardize how the the computers are used at work and they would be severely locked down and only a standard set of applications will be allowed to execute. one of the requirements is to also have non office computers isolated from the company domain. our non-office computers are a mix of Man-Machine interfaces and sql-servers all running software that non standard. My question is, how can we divorce the control systems computers from the company domain but still have access to the servers from the company domain. thanks

    Read the article

  • creating cookbooks and roles with out chef-server

    - by Josh Nankin
    I want to run: knife role create blah I use chef-solo and don't need knife to connect to a server. I just would like to run these commands for helping me prepopulate the files quickly. Everytime I run of these commands it attempts to connect to a server. This does not happen for knife cookbook create blah Double-ewe tee eff. Update: I've noticed this is the case for databags and environments as well. I've read elsewhere that knife is primarily intended for use with the chef-server API, but it seems ridiculous that something like this can't be done. It just needs to save the darn file.

    Read the article

  • Datacentre Rack naming convention with flexibility for reassignment of server roles

    - by g18c
    We are just shifting across to a new rack and until now have used names of cartoon characters. This is not going to work anymore, and need a better naming convention. Physically i would like to name the servers by location, and then have an alias as to its actual function/customer, i.e. Physical name LONS1R1SVR1 meaning London, suite 1, rack 1, server 1 Customer Alias Since the servers can be reassigned from time to time, for the above physical server name, i would have an alias as a column in a spreadsheet, that would be set to the customers host-name, i.e. wwww.customerserver1.com Patching For patching, I am looking at labeling up the physically connections, i.e. LON1S1R1SVR1-PWR1 LON1S1R1SVR1-PWR2 LON1S1R1SVR1-ETH0 LON1S1R1SVR1-KVM Ultimately if i am labeling cables, I really want to avoid putting LON1S1R1SQLSVR on any patch cord in case the server gets formatted and changed from a SQL server to a WWW server which would need to relabel all the patch cords also. In addition, throwing in virtual machines, i have got confused very quickly. I appreciated that it may be confusing having a physical host-name and customer alias. Please let me know what you run with and any other standards or best practices that i can follow?

    Read the article

  • Membership Roles.GetUsersInRole not working for me

    - by Nickson
    Dim usersInRole As String() = Roles.GetUsersInRole("HR_Base_Role") Dim Myusers As New MembershipUserCollection For Each UserName As String In usersInRole Myusers.Add(Membership.GetUser(UserName)) Next ComboBox2.DataSource = Myusers The code above throws a "Specified method is not supported." exception on the first line. Any one knows what am doing wrong here?

    Read the article

  • _mask and Rails

    - by Eric Koslow
    So I am trying to get the cancan gem to work with my rails 3 app and I've hit a problem. I tried to copy the code that Ryan Bates (the creator of the gem) used in his screen cast, but I get an error saying that roles_mask is not a method. I figure that the _mask method was removed from Ruby/Rails at some point, and I'm now wondering what is the replacement. Here's the code in my user.rb model: named_scope :with_role, lambda { |role| {:conditions => "roles_mask & #{2**ROLES.index(role.to_s)} > 0 "} } ROLES = %w[admin student principal admissions] def roles=(roles) self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.sum end def roles ROLES.reject { |r| ((roles_mask || 0) & 2**ROLES.index(r)).zero? } end def role? roles.include? role.to_s end def role_symbols roles.map(&:to_sym) end I'm using Rails 3 and Ruby 1.9.2dev Thank you

    Read the article

  • How does IPrincipal gets its roles?

    - by abatishchev
    I need to get know how SiteMapProvider.IsAccessibleToUser() works. Built-in XmlSiteMapProvider calls HttpContext.User.IsInRole() which uses System.Security.Principal.GenericPrincipal in case of forms authentication. Where does the current user gets its roles? Which provider loads this kind of information? I want to overload it and use custom logic.

    Read the article

  • SharePoint Groups\Roles using FBA

    - by Itay
    Hi All, I'm running an FBA web app, having 2 Site collections. Currently I have a SharePoint group in one site collection, and I would like to assign permission to that group in the other site collection. Since SharePoint groups are site scoped, I thought using FBA roles.. Any words on how to do this, or if this it the recommended way? Thanks.

    Read the article

  • Extending ASP.NET role providers

    - by Quick Joe Smith
    Because the RoleProvider interface seems to treat roles as nothing more than simple strings, I'm wondering if there is any non-hacky way to apply an optional value for a role on a per-user basis. Our current login management system implements roles as key-value pairs, where the value part is optional and usually used to clarify or limit the permissions granted by a role. For example, a role 'editor' might contain a user 'barry', but for 'barry' it will have an optional value 'raptors', which the system would interpret to mean that Barry can only edit articles filed under the 'raptors' category. I have seen elsewhere a suggestion to simply create additional delimited roles, such as 'editor.raptors' or somesuch. That's not really going to be ideal because it would bloat the number of roles greatly, and I can tell it's going to be a very hard sell to replace our current implementation (which is also very less than ideal, but has the advantage of being custom made to work with our user database). I can tell already that the concatenation method mentioned above is going to involve a lot of tedious string-splitting and partial matching. Is there a better way?

    Read the article

  • How to configure the roles in my tomcat application to work with JNDI(WIN AUTH)

    - by Itay Levin
    Hi, I'm trying to change the authentication mode of my application from JDBC-REALM to JNDI-REALM. I configured the following section inside the Server.xml <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://****:389/DC=onsetinc,DC=com??sAMccountName?sub?(objectClass=*)" connectionName="[email protected]" connectionPassword="password" userBase="CN=Users" referrals="follow" userSearch="(sAMAccountName={0})" userSubtree="true" roleBase="CN=Users" roleName="name" roleSubtree="true" roleSearch="(member={1})"/> I have also configured the web.xml under my appfolder to contain the following: <security-role> <role-name>Admin</role-name> </security-role> <security-role> <role-name>WaterlooUsers</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>Tube</web-resource-name> <url-pattern>/ComposeMessage.jsp</url-pattern> <url-pattern>/PageStatus.jsp</url-pattern> <url-pattern>/UserStatus.jsp</url-pattern> <url-pattern>/SearchEC.jsp</url-pattern> <url-pattern>/SearchEC2.jsp</url-pattern> <url-pattern>/SearchMessageStatisticsEC.jsp</url-pattern> <url-pattern>/SearchMessageStatus.jsp</url-pattern> <url-pattern>/SearchMessageStatisticsPager.jsp</url-pattern> <url-pattern>/SearchPageStatus.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>WaterlooUsers</role-name> </auth-constraint> </security-constraint> In my Active directory i have created a new group called WaterlooUsers It's distinguish name is : distinguishedName: CN=WaterlooUsers,CN=Users,DC=onsetinc,DC=com It has a property member which contains the following user: member: CN=Itay Levin,CN=Users,DC=onsetinc,DC=com (which is my user) My record on the active directory looks like that: sAMAccountName: itayL distinguishedName: CN=Itay Levin,CN=Users,DC=onsetinc,DC=com memberOf: CN=WaterlooUsers,CN=Users,DC=onsetinc,DC=com and when i get the popup for user/password i enter the username "ItayL" in the authentication message box (and my password) I have 2 questions: How do i configure correctly the roles parameters correctly in the Realm section in the server.xml to enable me to both authenticate and authorize both this group of users WaterlooUsers and also assign them to the appropriate role so that they can see all the relevant pages in my website. - currently it seems that all the Users in my domain are authenticated to the site but get the http-403 Error and can't access any of the pages in the site. I also want to be able to create 2 different set of roles in my site - which can both have access to the same pages - but will see different things on the page. (for instance adding some administrative ability to the admin) Hope it was clear enough and not too long. Thanks in advance, Itay

    Read the article

  • Jersey, Apache HTTPD, and javax.annotation.security usage

    - by Nick Klauer
    So I'm having a heck of a time trying to piece together what I think is a pretty simple implementation. This is very similar to another StackOverflow question only I can't leverage Tomcat to handle role based authentication. I have an Apache httpd server in front of my app that handles authentication and then passes LDAP roles to a Jersey service through Headers. I've created a servlet filter to parse the header and tease out the roles the request came from, which works fine globally to the app, but isn't fine-grained enough to dictate what an Admin could do that a User could not. I'm thinking I could use the javax.annotation.security annotations that JAX-RS supports, but I don't know how to take what I've parsed out using a servlet filter to set or instantiate the SecurityContext necessary for the roles @RolesAllowed.

    Read the article

  • Spring security access with multiple roles

    - by Evgeny Makarov
    I want to define access for some pages for user who has one of following roles (ROLE1 or ROLE2) I'm trying to configure this in my spring security xml file as following: <security:http entry-point-ref="restAuthenticationEntryPoint" access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security" use-expressions="true"> <!-- skipped configuration --> <security:intercept-url pattern="/rest/api/myUrl*" access="hasRole('ROLE1') or hasRole('ROLE2')" /> <!-- skipped configuration --> </security:http> I've tried various ways like: access="hasRole('ROLE1, ROLE2')" access="hasRole('ROLE1', 'ROLE2')" access="hasAnyRole('[ROLE1', 'ROLE2]')" etc but nothing seems to be working. I'm keep getting exception java.lang.IllegalArgumentException: Unsupported configuration attributes: or java.lang.IllegalArgumentException: Failed to parse expression 'hasAnyRole(['ROLE1', 'ROLE2'])' how should it be configured? Thanks

    Read the article

  • GetRolesForUser tries to get Roles on old username?

    - by Xaisoft
    I have a section on a page where a user can change their username. This is basically the code for that: user.UserName = txtNewUserName.Text; user.Save(); user is a class in my dbml and Save calls SubmitChanges on the data context. The name is changed in the database, so when it calls the following method, it fails because it is trying to get the user with the old username instead of the one that is in the database now. public override string[] GetRolesForUser(string username) { return dc.Users.Where(u => u.UserName== username) .SingleOrDefault().Roles .Select(r => r.RoleName).ToArray<string>(); }

    Read the article

  • PrincipalPermission - roles seperate from permissions

    - by Leblanc Meneses
    I've been using PrincipalPermission for a while in wcf services. [PrincipalPermission(SecurityAction.Demand, Role = SecurityRoles.CanManageUsers)] although now i have a requirement to simplify roles by business unit. - currently aspnet_roles has fine grained can* permissions. Here is my approach and wanted to see if anyone can provide feedback, code review before i implement my suggestion. 1) aspnet_roles - business unit role 2) create permission table and Role_Permission table and User_Permission table (many to many) 3) create custom CodeAccessSecurityAttribute + that looks at new tables [CustomPermissionCheck(Security.Demand, HasPermission="can*")] first iteration i'll statically new the dependent repository.. ideally i would like an aop style attribute that has repository injected IPermissionRepository.HasPermission(...); If i approach new aop way i probably will stop inheriting from CodeAccessSecurityAttribute -- what do the security guys have to say about this? has anyone else solved this, is there something in the framework that i've missed?

    Read the article

  • SQL Server: query database user roles for all databases in server

    - by atricapilla
    I would like to make a query for database user roles for all databases in my sql server instance. I modified a query from sp_helpuser: select u.name ,case when (r.principal_id is null) then 'public' else r.name end ,l.default_database_name ,u.default_schema_name ,u.principal_id from sys.database_principals u left join (sys.database_role_members m join sys.database_principals r on m.role_principal_id = r.principal_id) on m.member_principal_id = u.principal_id left join sys.server_principals l on u.sid = l.sid where u.type <> 'R' How can I modify this to query from all databases? What is the link between sys.databases and sys.database_principals?

    Read the article

  • Spring security with database and multiple roles?

    - by Joe
    I'm trying to make an application using spring 3.0. Now I've decided to try my hand at spring-security and hibernate. I've already seen that it's possible to back it with a databasem and I've seen a reference to defining your own queries? Now the problem I have is that the tutorials I've been finding aren't too clear and that they assume that a user can only have one role. I want to give some users multiple roles. So I was thinking about a database scheme along the lines of: User: user_id username password registrationDate User_Role: user_id role_id Role: role_id rolename Now I was wondering if anyone had some pointers to some usefull tutorials/advice/comments.

    Read the article

  • Non RBAC User Roles and Permissions System: checking the user's City

    - by micha12
    We are currently designing a User Roles and Permissions System in our web application (ASP.NET), and it seems that we have several cases that do no fit within the classical Role-Based Access Control (RBAC). I will post several questions, each devoted to a particular case, this being the first post. We have the following case: not to allow a user view a certain page if the user lives in a particular city. This is a simple case that is coded in the following way: if (User.City == “Moscow”) // Allow the user to view the page. else // Do not allow the user to view this page. Though this case is very simple and straightforward, it has nothing to do with the RBAC. On StackOverflow, someone called this an Attribute-based Access Control. Under the classical RBAC, it seems that this case should be designed like this: introduce a permission “City where the person lives”, this permission will have a property City. Then create a role, add a permission of type “City = Moscow” to it and the assign the role to the user. Looks extremely cumbersome. The question is whether it is acceptable to introduce such non-RBAC approaches to our permissions system – does that break the design or not? This might seem a primitive question, but we found that most applications use pure RBAC, and we started to think that we might be doing something wrong. Thank you.

    Read the article

  • Assigning specific menu administration rights for roles in drupal

    - by Martin Andersson
    Hello folks. I'm trying to give one of my roles the administrative rights to add/remove content in a specific menu (but not all menus). I think I found a module that should enable something like this, http://drupalmodules.com/module/delegate-menu-administration I've followed the instructions, added the role to my user, checked the "administer some menus" value for that role and checked the "Make admin" field for that role and specific menu in Menus. I also gave the role permissions to change page and story content. However, it still wont let the user add any new content it creates in any menu, and I get an error message saying "warning: Invalid argument supplied for foreach() in /home/martin/www/drupal/modules/delegate_menu_admin/delegate_menu_admin.module on line 346." Line 346 looks like this: foreach ($form['menu']['parent']['#options'] as $key => $value) { I did a print_r($form); in the file just before it and there's no such array that I can see: [menu] => Array ( [#access] => 1 [delete] => Array ( [#access] => ) ) When I gave the role "administer menu" permissions, nothing extra was printed at all, leading me to the assumption that the delegate_menu_admin.module file is not used at all while both the "administer menu" and the "administer some menus" (from the delegate-menu-administration module) permissions are set! Is this some incompatibility between the module because of some drupal update? Or am I just too tired and too stupid? :)

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >